Summary: | Feature Request: Private Browsing initiated by server header. | ||
---|---|---|---|
Product: | WebKit | Reporter: | Philip Clarke <nod> |
Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
Status: | UNCONFIRMED --- | ||
Severity: | Enhancement | CC: | ap |
Priority: | P2 | ||
Version: | 528+ (Nightly build) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | http://groups.google.com/group/mozilla.dev.apps.firefox/browse_thread/thread/22ed0734bae0bedf# |
Description
Philip Clarke
2011-08-26 16:51:11 PDT
Interesting. What prevents the site from not using cookies or setting a short cache timeout, in the first place? What are the parts that only a browser can do? A short cache timeout or not setting cookies is reliant on the web master and is also covered by the submission to the w3c by microsoft http://www.w3.org/Submission/web-tracking-protection/ which deals with the user being able to request that a website not track them through cookies and the browser sending a header. This is the opposite way around. The server sends the header, and the browser makes a note to purges it's history of the value set in the Host header from the cache and all cookies received from that location when the window is closed, which is the behaviour of a "Private Browsing" session in Firefox or "Incognito" session in Chrome (webkit based I believe). Except this goes further. Let's suppose one visits the local police station, one may be doing so because one wants to get information, or one wants to report a crime. For the police website either the header "X-privacy: Private" should be set on the crime reporting page and then the browser retrospectively clears the cache and cookies for that domain (and there is probably a good case for disabling bookmarking). Or the entire website runs a header "X-privacy: Optional" which pops up an alert box asking the user if they want a private browser session. This is more to do with what the user cannot do easily themselves across a range of browsers rather than asking the website to not track them (set cookies) or "hoping" that the browser is going to respect Cache-Control headers and expire the pages. Except most people reporting abuse or crime are going to be more concerned with other matters than their browser history settings. Thank you. |